CVE-2013-2007: QEMU Guest Agent Insecure File Permissions

This vulnerability was reported by Laszlo Ersek of Red Hat. It allows privilege escalation inside the guest when the QEMU guest agent is started in daemon mode. As he noted, the guest agent creates files with incorrect, overly permissive file permissions. The affected files include at least those created by the ‘guest-file-open’ QMP command, by shell output redirection, and by the fsfreeze hook script when the agent invokes it.

To fix this, he first changed the umask(2) value set in the become_daemon() routine in qga/main.c, as shown below.

}
- umask(0);
+ umask(S_IRWXG | S_IRWXO);
sid = setsid();
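Review bot: the new umask(S_IRWXG | S_IRWXO) deserves a one-line comment explaining why it deviates from the usual daemon convention of umask(0), otherwise a later cleanup may "restore" the permissive value. Note also that a umask only affects files created after this call and only at creation time; it does not tighten files that already exist, and callers that create files with O_CREAT should still pass an explicit restrictive mode rather than rely on the process-wide mask alone.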

The find_open_flag() and safe_open_or_create() functions were added to qga/commands-posix.c, as you can see here.
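The following added example (not QEMU's code) demonstrates the effect of the umask change above: a daemon running with umask(0) turns an ordinary fopen(..., "w")-style creation with mode 0666 into a world-readable and world-writable file, while umask(S_IRWXG | S_IRWXO) strips the group and other bits and leaves 0600. The helper names and the /tmp path are constructed for this demo.

```c
/* Added example, not QEMU's code: shows how a daemon's umask decides the
 * permission bits of files it later creates (e.g. via guest-file-open).
 * Helper names and the /tmp path are constructed for this demonstration. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a file the way a libc caller such as fopen(path, "w") does:
 * O_CREAT with mode 0666, letting the process umask strip bits.
 * Returns the resulting permission bits (mode & 0777), or -1 on error. */
static int create_under_umask(const char *path, mode_t mask)
{
    mode_t old = umask(mask);   /* install the umask under test */
    unlink(path);               /* O_CREAT sets the mode only on a new file */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    umask(old);                 /* restore the caller's umask */
    if (fd < 0) {
        return -1;
    }
    struct stat st;
    int rc = fstat(fd, &st);
    close(fd);
    unlink(path);               /* clean up the demo file */
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Mode bits a file gets under the vulnerable daemon umask(0). */
int mode_with_vulnerable_umask(const char *path)
{
    return create_under_umask(path, 0);
}

/* Mode bits a file gets under the fixed umask(S_IRWXG | S_IRWXO). */
int mode_with_fixed_umask(const char *path)
{
    return create_under_umask(path, S_IRWXG | S_IRWXO);
}

int main(void)
{
    char path[64];
    snprintf(path, sizeof path, "/tmp/umask-demo-%ld", (long)getpid());
    printf("umask(0):                 %04o\n", mode_with_vulnerable_umask(path));
    printf("umask(S_IRWXG | S_IRWXO): %04o\n", mode_with_fixed_umask(path));
    return 0;
}
```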